New submission from Julien ÉLIE <jul...@trigofacile.com>: RFC 4643:
The server MAY list the AUTHINFO capability with no arguments, which indicates that it complies with this specification and does not permit any authentication commands in its current state. In this case, the client MUST NOT attempt to utilize any AUTHINFO commands, even if it contains logic that might otherwise cause it to do so (e.g., for backward compatibility with servers that are not compliant with this specification). Yet, nntplib attempts to authenticate. self.capabilities() should be sent at startup. If "READER" is advertised, no need to send a "MODE READER" command at all... If "MODE-READER" is advertised, then "MODE READER" (if wanted) can be sent. Then, self.capabilities() should be sent again. Capabilities changed! Then authentication if "AUTHINFO USER" is advertised with NNTP version >=2. If "AUTHINFO" without "USER", no authentication at all. And after authentication, self.capabilities() should be sent again. Please note that the readermode_afterauth variable I see in the source code should normally not be used by a client... RFC 4643 mentions: o the MODE READER command MUST NOT be used in the same session following successful authentication. ---------- components: Library (Lib) messages: 120183 nosy: jelie priority: normal severity: normal status: open title: NNTP authentication should check capabilities versions: Python 3.2 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue10287> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com